CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,552 CVEs tracked | 53,317 with exploits | 4,732 exploited in wild | 1,543 CISA KEV | 3,938 Nuclei templates | 48,973 vendors | 42,623 researchers
111,010 results
CVE-2016-9811 4.7 MEDIUM EPSS 0.00
GStreamer < 1.10.1 - Out-of-Bounds Read
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
CWE-125 Jan 13, 2017
CVE-2016-9810 5.5 MEDIUM EPSS 0.01
GStreamer < 1.10.1 - Out-of-Bounds Read
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
CWE-125 Jan 13, 2017
CVE-2016-9807 5.5 MEDIUM EPSS 0.01
GStreamer < 1.10.1 - Out-of-Bounds Read
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
CWE-125 Jan 13, 2017
CVE-2016-9311 5.9 MEDIUM EPSS 0.05
NTP <4.2.8p9 - DoS
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
CWE-476 Jan 13, 2017
CVE-2016-9310 6.5 MEDIUM EPSS 0.02
NTP <4.2.8p9 - RCE
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CWE-400 Jan 13, 2017
CVE-2016-8883 5.5 MEDIUM EPSS 0.00
JasPer <1.900.8 - DoS
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CWE-399 Jan 13, 2017
CVE-2016-8882 5.5 MEDIUM EPSS 0.00
JasPer <1.900.8 - DoS
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CWE-476 Jan 13, 2017
CVE-2016-8671 5.9 MEDIUM EPSS 0.00
MatrixSSL <3.8.6 - RCE
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.
CWE-200 Jan 13, 2017
CVE-2016-8467 5.5 MEDIUM 1 PoC Analysis EPSS 0.00
Android - Privilege Escalation
An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.
CWE-264 Jan 13, 2017
CVE-2016-7433 5.3 MEDIUM EPSS 0.07
NTP <4.2.8p9 - Info Disclosure
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
CWE-682 Jan 13, 2017
CVE-2016-7431 5.3 MEDIUM EPSS 0.19
NTP - Improper Input Validation
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
CWE-20 Jan 13, 2017
CVE-2016-7428 4.3 MEDIUM EPSS 0.05
NTP - Denial of Service
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
CWE-400 Jan 13, 2017
CVE-2016-7427 4.3 MEDIUM EPSS 0.05
NTP - Denial of Service
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
CWE-400 Jan 13, 2017
CVE-2016-6887 5.9 MEDIUM EPSS 0.00
MatrixSSL < 3.8.6 - Information Disclosure
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.
CWE-200 Jan 13, 2017
CVE-2017-3890 6.1 MEDIUM EPSS 0.00
BlackBerry WatchDox Server - XSS
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.
CWE-79 Jan 13, 2017
CVE-2016-10135 5.5 MEDIUM EPSS 0.00
MTKLogger - Info Disclosure
An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019.
CWE-200 Jan 13, 2017
CVE-2016-5737 6.1 MEDIUM EPSS 0.00
OpenStack Puppet - XSS
The Gerrit configuration in the OpenStack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.
CWE-79 Jan 12, 2017
CVE-2016-5715 6.1 MEDIUM EPSS 0.01
Puppet Enterprise <2016.4.0 - Open Redirect
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501.
CWE-601 Jan 12, 2017
CVE-2016-3150 6.1 MEDIUM EPSS 0.00
Barco ClickShare CSC-1 Firmware < 01.09.05.02 - XSS
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jan 12, 2017
CVE-2016-10027 5.9 MEDIUM EPSS 0.00
Smack <4.1.9 - Privilege Escalation
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CWE-362 Jan 12, 2017